1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 16:55:07 -05:00
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@643 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
Peter Saint-Andre 2007-03-06 17:06:12 +00:00
parent ac0d186acc
commit e5148d0548

View File

@ -36,6 +36,12 @@
<url>http://www.xmpp.org/schemas/xhtml-im/xhtml-im-model.xsd</url>
</schemaloc>
&stpeter;
<revision>
<version>1.2pre1</version>
<date>in progress, last updated 2007-03-05</date>
<initials>psa</initials>
<remark>Clarified security considerations regarding images.</remark>
</revision>
<revision>
<version>1.1</version>
<date>2006-01-11</date>
@ -773,7 +779,7 @@ That seems fine to me.
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. Because of security concerns related to images, an implementation MAY choose not to show images but instead show only the 'alt' text. Because of security concerns related to hyperlinks, an implementation MAY choose not to make them clickable.</p>
<p>The exclusion of scripts, applets, and other multimedia elements reduces the risk of exposure to harmful or malicious objects caused by inclusion of XHTML content. In order to reduce the risk of so-called "phishing" attacks, an implementation MAY choose not to make hyperlinks clickable. Because images served on the Internet may contain malicious instructions or software code and may enable the entity serving the image to determine the network availability of the requesting entity, an implementation MAY choose not to show images but instead show only the 'alt' text or to not fetch images offered by entities that are not authorized to view the user's presence.</p>
</section1>
<section1 topic='W3C Considerations' anchor='w3c'>
<p>The usage of XHTML 1.0 defined herein meets the requirements for XHTML 1.0 Integration Set document type conformance as defined in Section 3 ("Conformance Definition") of <cite>Modularization of XHTML</cite>.</p>